Wednesday, August 26, 2015

Pale Moon Version 25.7 Released with Security Updates

Pale Moon

Pale Moon has been updated to version 25.7.  This update includes critical security updates as well as some code cleanup and fixes.

Included in the security updates is an update described as "DiD", "Defense-in-Depth.  This fix does not apply to an actively exploitable vulnerability in Pale Moon.  Rather, it is a preventative measure to prevent future vulnerabilities caused by the same code when surrounding code changes.

Security fixes:
  • Added protection against potential bugs where our SVG mPositions is out of sync with the characters in the DOM. DiD
  • Fixed use-after-free vulnerability in XMLHttpRequest::Open() (CVE-2015-4492)
  • Fixed use-after-free vulnerability in the StyleAnimationValue class (CVE-2015-4488)
  • Fixed crash or memory corruption in nsTArray (CVE-2015-4489)
  • Fixed crash or memory corruption in nsTSubstring::ReplacePrep (CVE-2015-4487)
  • Fixed potential escalation of privileges or crash (out-of-bounds write) via a crafted name in MARs (x64 only) (CVE-2015-4482)
  • Fixed an issue that would allow man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. (CVE-2015-4483)


A complete list of the fixes, changes and additions is available in the Release Notes.

    Minimum system Requirements (Windows):
    • Windows Vista/Windows 7/Windows 8/Server 2008 or later
    • A processor with SSE2 support
    • 256 MB of free RAM (512 MB or more recommended)
    • At least 150 MB of free (uncompressed) disk space
    Pale Moon includes both 32- and 64-bit versions for Windows:
    Other versions:


      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      No comments: